/*
package com.example.online.music.security.config;

import com.example.online.music.security.filter.JwtAuthenticationFilter;
import com.example.online.music.security.handler.JwtAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;

*/
/**
 * @author zhaojunsir
 * Security配置文件
 *//*

@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Configuration
public class SecurityConfig {
  */
/**
   * 测试使用的，后续需要根据实际修改
   *//*


  private static final String[] WHITE_URL_LIST = {"/login", "/logout","/img/**"};
  @Autowired
  private AuthenticationSuccessHandler authenticationSuccessHandler;
  @Autowired
  private AuthenticationFailureHandler authenticationFailureHandler;
  @Autowired
  private UserDetailsService userDetailsService;
  @Autowired
  private JwtAuthenticationFilter jwtAuthenticationFilter;
  @Autowired
  private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
  @Autowired
  private LogoutSuccessHandler logoutSuccessHandler;
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
            //1 开启跨域
            .cors()
            //2 关闭CRSF跨域攻击防护  没有这行代码会导致用户无法被认证，实际开发中不要关闭
            .and()
            .csrf()
            .disable()
            //3 登录配置
            .formLogin()
            //3.1 登录成功处理器
            .successHandler(authenticationSuccessHandler)
            //3.2 登录失败处理器
            .failureHandler(authenticationFailureHandler)
            //4 登出配置
            .and()
            .logout()
            //4.1 登出成功处理器
            .logoutSuccessHandler(logoutSuccessHandler)
            //5 Session禁用
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            //6 白名单配置 直接放行
            .and()
            .authorizeRequests()
            .antMatchers(WHITE_URL_LIST)
            .permitAll()
            //其他均需认证
            .anyRequest()
            .authenticated()
            //6 异常配置
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            //7 过滤器配置
            .and()
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
            //8 用户信息配置  从数据库加载
            //.and()
            .userDetailsService(userDetailsService);
           //9

    return http.build();
  }

  */
/**
   * 密码加密  否则后台报错
   *//*

  @Bean
  public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  */
/**
   * 重新注入StrictHttpFirewall对象，就可以让它支持//的模式。默认不支持补报错
   * @return HttpFirewall
   *//*

  @Bean
  public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
    StrictHttpFirewall firewall = new StrictHttpFirewall();
    //此处可添加别的规则,目前只设置 允许双 //
    firewall.setAllowUrlEncodedDoubleSlash(true);
    return firewall;
  }

  */
/**
   * @Description: TODO 暂时忽略所有请求（待权限管理完全开发完成后再恢复）
   * @Author: yang_yong
   * @CreateTime:
   * @return: org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
   **//*

  @Bean
  public WebSecurityCustomizer webSecurityCustomizer(){
    return web -> web.ignoring().antMatchers("/**");
  }
}*/
